package com.example.permissionservice.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * 配置类
 */
@EnableWebSecurity//开启MVC security安全支持
public class SecurityConfig extends WebSecurityConfigurerAdapter {

//    @Autowired
//    private DataSource dataSource;

    @Qualifier("userDetailServiceImp")
    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        super.configure(http);

        // 自定义用户授权管理
        http
                //If you are using Spring Security,
                // make sure to enable CORS at Spring Security level as well
                // to allow it to leverage the configuration defined at Spring MVC level.
//                .cors().and()//自己加的
                .authorizeRequests()
                .antMatchers("/**").permitAll()
                // 需要对static文件夹下静态资源进行统一放行
//                .antMatchers("/login/**").permitAll()
//                .antMatchers("/detail/common/**").hasRole("common")
//                .antMatchers("/detail/vip/**").hasRole("vip")
                .anyRequest().authenticated()
                //禁止csrf(除GET方法以外所有方法没有token时不能被访问)
                .and().csrf().disable();

        // 自定义用户登录控制
//        http.formLogin()
//                .loginPage("/userLogin").permitAll()
//                .usernameParameter("username")//网页表单中name为username的项作为用户名
//                .passwordParameter("password")//网页表单中name为password的项作为密码
//                .defaultSuccessUrl("/")
//                .failureUrl("/userLogin?error");

        // 自定义用户退出控制
//        http.logout()
//                .logoutUrl("/mylogout")
//                .logoutSuccessUrl("/");

        // 定制Remember-me记住我功能
//        http.rememberMe()
//                .rememberMeParameter("rememberme")
//                .tokenValiditySeconds(200)
                // 对cookie信息进行持久化管理
//                .tokenRepository(tokenRepository())
        ;
        System.out.println("permission包中SecurityConfig创建完成");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        /*  ------------使用JDBC进行验证的方式------------  */
//        String userSQL = "select username,password,valid from t_customer " +
//                "where username = ?";
//        String authoritySQL = "select c.username,a.authority " +
//                "from t_customer c,t_authority a,t_customer_authority ca " +
//                "where ca.customer_id = c.id and ca.authority_id = a.id and c.username =?";
//
//        auth.jdbcAuthentication()
//                .passwordEncoder(encoder)
//                .dataSource(dataSource)
//                .usersByUsernameQuery(userSQL)
//                .authoritiesByUsernameQuery(authoritySQL);
        /*  ---------------------------------------------  */

        /*  -------使用UserDetailsService进行验证的方式------  */
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
        /*  --------------------------------------------  */
    }

//    /**
//     * 持久化Token存储
//     * @return
//     */
//    @Bean
//    public JdbcTokenRepositoryImpl tokenRepository(){
//        JdbcTokenRepositoryImpl jr=new JdbcTokenRepositoryImpl();
//        jr.setDataSource(dataSource);
//        return jr;
//    }
}
